An attack technique being used for some years elsewhere is now being used in targeting GCC organizations.

Attack Description:

Over the last few weeks we have witnessed multiple attacks where the attacker used EITHER a "Cousin (Look-alike) Domain" setup for spear phishing Email communication OR

an Impersonated Social Media Account seemingly dormant with No or very Low Activity are being used for direct communication with the target victim.

Attack Objective:

The attacks mostly are very targeted towards "Staff Members" for compromising their various ID credentials including official Email & Social Media accounts as well as public Email and social media accounts

Mitigation Recommendations:

- Regularly analyze the look-alike domains for an MX (Mail Exchange) record

- Any suspicious domain should be included in the organization Email firewall blacklist

* to block Emails coming inwards from such domains

* to block any Email where in the body there is a URL of that domain

- Monitor and Take-down across all Social Media any Impersonated Accounts that may even seem dormant